ActivityPub Viewer

A small tool to view real-world ActivityPub objects as JSON! Enter a URL or username from Mastodon or a similar service below, and we'll send a request with the right Accept header to the server to view the underlying object.

Open in browser →
{ "@context": [ "https://www.w3.org/ns/activitystreams", { "ostatus": "http://ostatus.org#", "atomUri": "ostatus:atomUri", "inReplyToAtomUri": "ostatus:inReplyToAtomUri", "conversation": "ostatus:conversation", "sensitive": "as:sensitive", "toot": "http://joinmastodon.org/ns#", "votersCount": "toot:votersCount", "litepub": "http://litepub.social/ns#", "directMessage": "litepub:directMessage", "Hashtag": "as:Hashtag" } ], "id": "https://infosec.exchange/users/resingm/outbox?min_id=111249539604596374&page=true", "type": "OrderedCollectionPage", "next": "https://infosec.exchange/users/resingm/outbox?max_id=111252210147986145&page=true", "prev": "https://infosec.exchange/users/resingm/outbox?min_id=111507675573435476&page=true", "partOf": "https://infosec.exchange/users/resingm/outbox", "orderedItems": [ { "id": "https://infosec.exchange/users/resingm/statuses/111507675573435476/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-12-01T23:08:20Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://emacs.ch/users/brokenix" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111507675573435476", "type": "Note", "summary": null, "inReplyTo": "https://emacs.ch/users/brokenix/statuses/111507467307965806", "published": "2023-12-01T23:08:20Z", "url": "https://infosec.exchange/@resingm/111507675573435476", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://emacs.ch/users/brokenix" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111507675573435476", "inReplyToAtomUri": "https://emacs.ch/users/brokenix/statuses/111507467307965806", "conversation": "tag:emacs.ch,2023-12-01:objectId=11841109:objectType=Conversation", "content": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://emacs.ch/@brokenix\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>brokenix</span></a></span> - agreed.</p>", "contentMap": { "en": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://emacs.ch/@brokenix\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>brokenix</span></a></span> - agreed.</p>" }, "attachment": [], "tag": [ { "type": "Mention", "href": "https://emacs.ch/users/brokenix", "name": "@brokenix@emacs.ch" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111507675573435476/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111507675573435476/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111507675573435476/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111507675573435476/likes", "type": "Collection", "totalItems": 1 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111507675573435476/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111506433800965623/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-12-01T17:52:32Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://ioc.exchange/users/CKL" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111506433800965623", "type": "Note", "summary": null, "inReplyTo": "https://ioc.exchange/users/CKL/statuses/111297219212050120", "published": "2023-12-01T17:52:32Z", "url": "https://infosec.exchange/@resingm/111506433800965623", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://ioc.exchange/users/CKL" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111506433800965623", "inReplyToAtomUri": "https://ioc.exchange/users/CKL/statuses/111297219212050120", "conversation": "tag:ioc.exchange,2023-10-25:objectId=58220752:objectType=Conversation", "content": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://ioc.exchange/@CKL\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>CKL</span></a></span> - Any update on this?</p>", "contentMap": { "de": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://ioc.exchange/@CKL\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>CKL</span></a></span> - Any update on this?</p>" }, "attachment": [], "tag": [ { "type": "Mention", "href": "https://ioc.exchange/users/CKL", "name": "@CKL@ioc.exchange" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111506433800965623/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111506433800965623/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111506433800965623/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111506433800965623/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111506433800965623/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111504710160600705/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-12-01T10:34:11Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111504710160600705", "type": "Note", "summary": null, "inReplyTo": null, "published": "2023-12-01T10:34:11Z", "url": "https://infosec.exchange/@resingm/111504710160600705", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111504710160600705", "inReplyToAtomUri": null, "conversation": "tag:infosec.exchange,2023-12-01:objectId=114374883:objectType=Conversation", "content": "<p>Glad to see that Verisign plans ahead for a <a href=\"https://infosec.exchange/tags/DNSSEC\" class=\"mention hashtag\" rel=\"tag\">#<span>DNSSEC</span></a> algorithm rollover for the <code>com.</code> TLD. The plan is to discard algorithm 8 (RSA/SHA256) and instead deploy algorithm 13 (ECDSA/SHA-256). Great to see that the largest TLD of planet earth moving towards algorithms with smaller key sizes.</p><p>I checked my <a href=\"https://infosec.exchange/tags/pdns\" class=\"mention hashtag\" rel=\"tag\">#<span>pdns</span></a> database of my public resolvers. To give a comparison for the size reduction (and the reduction of DNS R/A potential):</p><p><code>com.</code>, signed with algorithm 8 returned close to 936 bytes of data.<br><code>nl.</code>, signed with algorithm 13 returns 289 bytes of data.</p><p>This is a reduction of ~70% of the response sizes for DNSSEC validation.</p><p>The rollover is to be expected on or around December 07. More on it in their <a href=\"https://blog.verisign.com/security/dnssec-algorithm-update/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">blog</a>.</p><p><a href=\"https://infosec.exchange/tags/dns\" class=\"mention hashtag\" rel=\"tag\">#<span>dns</span></a> <a href=\"https://infosec.exchange/tags/tld\" class=\"mention hashtag\" rel=\"tag\">#<span>tld</span></a> <a href=\"https://infosec.exchange/tags/ddos\" class=\"mention hashtag\" rel=\"tag\">#<span>ddos</span></a></p>", "contentMap": { "en": "<p>Glad to see that Verisign plans ahead for a <a href=\"https://infosec.exchange/tags/DNSSEC\" class=\"mention hashtag\" rel=\"tag\">#<span>DNSSEC</span></a> algorithm rollover for the <code>com.</code> TLD. The plan is to discard algorithm 8 (RSA/SHA256) and instead deploy algorithm 13 (ECDSA/SHA-256). Great to see that the largest TLD of planet earth moving towards algorithms with smaller key sizes.</p><p>I checked my <a href=\"https://infosec.exchange/tags/pdns\" class=\"mention hashtag\" rel=\"tag\">#<span>pdns</span></a> database of my public resolvers. To give a comparison for the size reduction (and the reduction of DNS R/A potential):</p><p><code>com.</code>, signed with algorithm 8 returned close to 936 bytes of data.<br><code>nl.</code>, signed with algorithm 13 returns 289 bytes of data.</p><p>This is a reduction of ~70% of the response sizes for DNSSEC validation.</p><p>The rollover is to be expected on or around December 07. More on it in their <a href=\"https://blog.verisign.com/security/dnssec-algorithm-update/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">blog</a>.</p><p><a href=\"https://infosec.exchange/tags/dns\" class=\"mention hashtag\" rel=\"tag\">#<span>dns</span></a> <a href=\"https://infosec.exchange/tags/tld\" class=\"mention hashtag\" rel=\"tag\">#<span>tld</span></a> <a href=\"https://infosec.exchange/tags/ddos\" class=\"mention hashtag\" rel=\"tag\">#<span>ddos</span></a></p>" }, "attachment": [], "tag": [ { "type": "Hashtag", "href": "https://infosec.exchange/tags/dnssec", "name": "#dnssec" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/pdns", "name": "#pdns" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/dns", "name": "#dns" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/tld", "name": "#tld" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/ddos", "name": "#ddos" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111504710160600705/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111504710160600705/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111504710160600705/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111504710160600705/likes", "type": "Collection", "totalItems": 1 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111504710160600705/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111493286966712026/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-11-29T10:09:07Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://cyberplace.social/users/GossiTheDog" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111493286966712026", "type": "Note", "summary": null, "inReplyTo": "https://cyberplace.social/users/GossiTheDog/statuses/111493239111611779", "published": "2023-11-29T10:09:07Z", "url": "https://infosec.exchange/@resingm/111493286966712026", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://cyberplace.social/users/GossiTheDog" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111493286966712026", "inReplyToAtomUri": "https://cyberplace.social/users/GossiTheDog/statuses/111493239111611779", "conversation": "tag:cyberplace.social,2023-11-29:objectId=16465689:objectType=Conversation", "content": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://cyberplace.social/@GossiTheDog\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>GossiTheDog</span></a></span> - ouch ...</p>", "contentMap": { "en": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://cyberplace.social/@GossiTheDog\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>GossiTheDog</span></a></span> - ouch ...</p>" }, "attachment": [], "tag": [ { "type": "Mention", "href": "https://cyberplace.social/users/GossiTheDog", "name": "@GossiTheDog@cyberplace.social" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111493286966712026/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111493286966712026/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111493286966712026/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111493286966712026/likes", "type": "Collection", "totalItems": 2 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111493286966712026/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111462013715363690/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-11-23T21:35:55Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111462013715363690", "type": "Note", "summary": null, "inReplyTo": null, "published": "2023-11-23T21:35:55Z", "url": "https://infosec.exchange/@resingm/111462013715363690", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111462013715363690", "inReplyToAtomUri": null, "conversation": "tag:infosec.exchange,2023-11-23:objectId=112552230:objectType=Conversation", "content": "<p>A hobby project of mine is a network of a few public resolvers with the aim of gaining insights into the <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a> threat landscape. This evening, I expanded my network by two new servers in the <a href=\"https://infosec.exchange/tags/APAC\" class=\"mention hashtag\" rel=\"tag\">#<span>APAC</span></a> region.</p><p>Within less than an hour, I saw the first <code>sl. ANY</code> queries to the same target IP.</p><p>It looks like the IP is a scanner to probe for new public resolvers for R/A <a href=\"https://infosec.exchange/tags/DDoS\" class=\"mention hashtag\" rel=\"tag\">#<span>DDoS</span></a> attacks. Within the last 24 hours, almost all of my resolvers saw a single <code>sl. ANY</code> query from the same IP exactly once.</p>", "contentMap": { "en": "<p>A hobby project of mine is a network of a few public resolvers with the aim of gaining insights into the <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a> threat landscape. This evening, I expanded my network by two new servers in the <a href=\"https://infosec.exchange/tags/APAC\" class=\"mention hashtag\" rel=\"tag\">#<span>APAC</span></a> region.</p><p>Within less than an hour, I saw the first <code>sl. ANY</code> queries to the same target IP.</p><p>It looks like the IP is a scanner to probe for new public resolvers for R/A <a href=\"https://infosec.exchange/tags/DDoS\" class=\"mention hashtag\" rel=\"tag\">#<span>DDoS</span></a> attacks. Within the last 24 hours, almost all of my resolvers saw a single <code>sl. ANY</code> query from the same IP exactly once.</p>" }, "updated": "2023-11-23T21:37:21Z", "attachment": [], "tag": [ { "type": "Hashtag", "href": "https://infosec.exchange/tags/dns", "name": "#dns" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/apac", "name": "#apac" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/ddos", "name": "#ddos" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111462013715363690/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111462013715363690/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111462013715363690/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111462013715363690/likes", "type": "Collection", "totalItems": 1 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111462013715363690/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111459770405270520/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-11-23T12:05:25Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111459770405270520", "type": "Note", "summary": null, "inReplyTo": null, "published": "2023-11-23T12:05:25Z", "url": "https://infosec.exchange/@resingm/111459770405270520", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111459770405270520", "inReplyToAtomUri": null, "conversation": "tag:infosec.exchange,2023-11-23:objectId=112435289:objectType=Conversation", "content": "<p>For whatever reason, one can find plenty of websites that simpy show the text of <a href=\"https://infosec.exchange/tags/RFC1925\" class=\"mention hashtag\" rel=\"tag\">#<span>RFC1925</span></a> in the alternative <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a> root <a href=\"https://infosec.exchange/tags/OpenNIC\" class=\"mention hashtag\" rel=\"tag\">#<span>OpenNIC</span></a>. </p><p>An example:</p><p>kovac[.]bit<br>kral[.]bit<br>radvany[.]bit</p><p>Today, 45 domain names point to the same server.</p>", "contentMap": { "en": "<p>For whatever reason, one can find plenty of websites that simpy show the text of <a href=\"https://infosec.exchange/tags/RFC1925\" class=\"mention hashtag\" rel=\"tag\">#<span>RFC1925</span></a> in the alternative <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a> root <a href=\"https://infosec.exchange/tags/OpenNIC\" class=\"mention hashtag\" rel=\"tag\">#<span>OpenNIC</span></a>. </p><p>An example:</p><p>kovac[.]bit<br>kral[.]bit<br>radvany[.]bit</p><p>Today, 45 domain names point to the same server.</p>" }, "updated": "2023-11-23T13:02:38Z", "attachment": [], "tag": [ { "type": "Hashtag", "href": "https://infosec.exchange/tags/rfc1925", "name": "#rfc1925" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/dns", "name": "#dns" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/opennic", "name": "#opennic" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111459770405270520/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111459770405270520/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111459770405270520/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111459770405270520/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111459770405270520/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111385173338752412/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-11-10T07:54:24Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://mastodon.social/users/operative" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111385173338752412", "type": "Note", "summary": null, "inReplyTo": "https://mastodon.social/users/operative/statuses/111346770558667146", "published": "2023-11-10T07:54:24Z", "url": "https://infosec.exchange/@resingm/111385173338752412", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://mastodon.social/users/operative" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111385173338752412", "inReplyToAtomUri": "https://mastodon.social/users/operative/statuses/111346770558667146", "conversation": "tag:mastodon.social,2023-11-03:objectId=571063578:objectType=Conversation", "content": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://mastodon.social/@operative\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>operative</span></a></span> - Versuch es mal mot desec.io - ein Berliner e.V.</p>", "contentMap": { "de": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://mastodon.social/@operative\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>operative</span></a></span> - Versuch es mal mot desec.io - ein Berliner e.V.</p>" }, "attachment": [], "tag": [ { "type": "Mention", "href": "https://mastodon.social/users/operative", "name": "@operative@mastodon.social" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111385173338752412/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111385173338752412/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111385173338752412/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111385173338752412/likes", "type": "Collection", "totalItems": 1 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111385173338752412/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111370434178137851/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-11-07T17:26:02Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111370434178137851", "type": "Note", "summary": null, "inReplyTo": null, "published": "2023-11-07T17:26:02Z", "url": "https://infosec.exchange/@resingm/111370434178137851", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111370434178137851", "inReplyToAtomUri": null, "conversation": "tag:infosec.exchange,2023-11-07:objectId=108552505:objectType=Conversation", "content": "<p>A new <a href=\"https://infosec.exchange/tags/NETSCOUT\" class=\"mention hashtag\" rel=\"tag\">#<span>NETSCOUT</span></a> blog post went live on the notorious <a href=\"https://infosec.exchange/tags/threat\" class=\"mention hashtag\" rel=\"tag\">#<span>threat</span></a> actor group Anonymous Sudan:</p><p><a href=\"https://www.netscout.com/blog/asert/anonymous-sudan\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">netscout.com/blog/asert/anonym</span><span class=\"invisible\">ous-sudan</span></a></p><p><a href=\"https://infosec.exchange/tags/AnonymousSudan\" class=\"mention hashtag\" rel=\"tag\">#<span>AnonymousSudan</span></a> <a href=\"https://infosec.exchange/tags/killnet\" class=\"mention hashtag\" rel=\"tag\">#<span>killnet</span></a> <a href=\"https://infosec.exchange/tags/ASERT\" class=\"mention hashtag\" rel=\"tag\">#<span>ASERT</span></a></p>", "contentMap": { "en": "<p>A new <a href=\"https://infosec.exchange/tags/NETSCOUT\" class=\"mention hashtag\" rel=\"tag\">#<span>NETSCOUT</span></a> blog post went live on the notorious <a href=\"https://infosec.exchange/tags/threat\" class=\"mention hashtag\" rel=\"tag\">#<span>threat</span></a> actor group Anonymous Sudan:</p><p><a href=\"https://www.netscout.com/blog/asert/anonymous-sudan\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">netscout.com/blog/asert/anonym</span><span class=\"invisible\">ous-sudan</span></a></p><p><a href=\"https://infosec.exchange/tags/AnonymousSudan\" class=\"mention hashtag\" rel=\"tag\">#<span>AnonymousSudan</span></a> <a href=\"https://infosec.exchange/tags/killnet\" class=\"mention hashtag\" rel=\"tag\">#<span>killnet</span></a> <a href=\"https://infosec.exchange/tags/ASERT\" class=\"mention hashtag\" rel=\"tag\">#<span>ASERT</span></a></p>" }, "attachment": [], "tag": [ { "type": "Hashtag", "href": "https://infosec.exchange/tags/netscout", "name": "#netscout" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/threat", "name": "#threat" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/anonymoussudan", "name": "#anonymoussudan" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/killnet", "name": "#killnet" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/asert", "name": "#asert" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111370434178137851/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111370434178137851/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111370434178137851/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111370434178137851/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111370434178137851/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111358322415259322/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-11-05T14:05:52Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111358322415259322", "type": "Note", "summary": null, "inReplyTo": "https://infosec.exchange/users/resingm/statuses/111352221366971359", "published": "2023-11-05T14:05:52Z", "url": "https://infosec.exchange/@resingm/111358322415259322", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111358322415259322", "inReplyToAtomUri": "https://infosec.exchange/users/resingm/statuses/111352221366971359", "conversation": "tag:infosec.exchange,2023-11-04:objectId=107790141:objectType=Conversation", "content": "<p>Update 2: Post appears to be disabled by now. And it looks like the original profile was even deleted. Case solved, I suppose.</p>", "contentMap": { "en": "<p>Update 2: Post appears to be disabled by now. And it looks like the original profile was even deleted. Case solved, I suppose.</p>" }, "attachment": [], "tag": [], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111358322415259322/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111358322415259322/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111358322415259322/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111358322415259322/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111358322415259322/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111353461227782930/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-11-04T17:29:36Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111353461227782930", "type": "Note", "summary": null, "inReplyTo": "https://infosec.exchange/users/resingm/statuses/111352221366971359", "published": "2023-11-04T17:29:36Z", "url": "https://infosec.exchange/@resingm/111353461227782930", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111353461227782930", "inReplyToAtomUri": "https://infosec.exchange/users/resingm/statuses/111352221366971359", "conversation": "tag:infosec.exchange,2023-11-04:objectId=107790141:objectType=Conversation", "content": "<p>Well, it turned out it is likely not. A researcher at my University claimed that the academic real of quantum computing is \"full of these overambitious claims of breakthrough on factorization\". Apparently, it was just the first time I saw it in my timeline.</p>", "contentMap": { "en": "<p>Well, it turned out it is likely not. A researcher at my University claimed that the academic real of quantum computing is \"full of these overambitious claims of breakthrough on factorization\". Apparently, it was just the first time I saw it in my timeline.</p>" }, "attachment": [], "tag": [], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111353461227782930/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111353461227782930/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111353461227782930/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111353461227782930/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111353461227782930/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111352221366971359/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-11-04T12:14:17Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111352221366971359", "type": "Note", "summary": null, "inReplyTo": null, "published": "2023-11-04T12:14:17Z", "url": "https://infosec.exchange/@resingm/111352221366971359", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111352221366971359", "inReplyToAtomUri": null, "conversation": "tag:infosec.exchange,2023-11-04:objectId=107790141:objectType=Conversation", "content": "<p>Can this be taken serious?</p><p>The author claims RSA-2048 can be broken on commodity hardware.</p><p><a href=\"https://www.linkedin.com/feed/update/urn:li:activity:7125215279688601600/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">linkedin.com/feed/update/urn:l</span><span class=\"invisible\">i:activity:7125215279688601600/</span></a></p><p><a href=\"https://infosec.exchange/tags/rsa\" class=\"mention hashtag\" rel=\"tag\">#<span>rsa</span></a> <a href=\"https://infosec.exchange/tags/quantumcomputing\" class=\"mention hashtag\" rel=\"tag\">#<span>quantumcomputing</span></a> <a href=\"https://infosec.exchange/tags/postquantum\" class=\"mention hashtag\" rel=\"tag\">#<span>postquantum</span></a> <a href=\"https://infosec.exchange/tags/encryption\" class=\"mention hashtag\" rel=\"tag\">#<span>encryption</span></a></p>", "contentMap": { "en": "<p>Can this be taken serious?</p><p>The author claims RSA-2048 can be broken on commodity hardware.</p><p><a href=\"https://www.linkedin.com/feed/update/urn:li:activity:7125215279688601600/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">linkedin.com/feed/update/urn:l</span><span class=\"invisible\">i:activity:7125215279688601600/</span></a></p><p><a href=\"https://infosec.exchange/tags/rsa\" class=\"mention hashtag\" rel=\"tag\">#<span>rsa</span></a> <a href=\"https://infosec.exchange/tags/quantumcomputing\" class=\"mention hashtag\" rel=\"tag\">#<span>quantumcomputing</span></a> <a href=\"https://infosec.exchange/tags/postquantum\" class=\"mention hashtag\" rel=\"tag\">#<span>postquantum</span></a> <a href=\"https://infosec.exchange/tags/encryption\" class=\"mention hashtag\" rel=\"tag\">#<span>encryption</span></a></p>" }, "attachment": [], "tag": [ { "type": "Hashtag", "href": "https://infosec.exchange/tags/rsa", "name": "#rsa" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/quantumcomputing", "name": "#quantumcomputing" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/postquantum", "name": "#postquantum" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/encryption", "name": "#encryption" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111352221366971359/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111352221366971359/replies?min_id=111358322415259322&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111352221366971359/replies", "items": [ "https://infosec.exchange/users/resingm/statuses/111353461227782930", "https://infosec.exchange/users/resingm/statuses/111358322415259322" ] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111352221366971359/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111352221366971359/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111337414282011785/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-11-01T21:28:39Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://fosstodon.org/users/winfried" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111337414282011785", "type": "Note", "summary": null, "inReplyTo": "https://fosstodon.org/users/winfried/statuses/111337367252941551", "published": "2023-11-01T21:28:39Z", "url": "https://infosec.exchange/@resingm/111337414282011785", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://fosstodon.org/users/winfried" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111337414282011785", "inReplyToAtomUri": "https://fosstodon.org/users/winfried/statuses/111337367252941551", "conversation": "tag:infosec.exchange,2023-11-01:objectId=107156261:objectType=Conversation", "content": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://fosstodon.org/@winfried\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>winfried</span></a></span> - for sure the endpoint gives it away, but I doubt that an ISP handshakes with every IP that shows up in their TCP/443 upstream to see if it runs a resolver which responds to DoH. Yes, you can filter out known DNS revolvers, but its hard to believe to do that with all IPs. And thats, why I asked for fingerprinting techniques. I found some nice papers, that I'll work through next week. I might post a follow-up afterwards</p>", "contentMap": { "en": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://fosstodon.org/@winfried\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>winfried</span></a></span> - for sure the endpoint gives it away, but I doubt that an ISP handshakes with every IP that shows up in their TCP/443 upstream to see if it runs a resolver which responds to DoH. Yes, you can filter out known DNS revolvers, but its hard to believe to do that with all IPs. And thats, why I asked for fingerprinting techniques. I found some nice papers, that I'll work through next week. I might post a follow-up afterwards</p>" }, "attachment": [], "tag": [ { "type": "Mention", "href": "https://fosstodon.org/users/winfried", "name": "@winfried@fosstodon.org" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111337414282011785/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111337414282011785/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111337414282011785/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111337414282011785/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111337414282011785/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111337083879643511/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-11-01T20:04:37Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://fosstodon.org/users/winfried" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111337083879643511", "type": "Note", "summary": null, "inReplyTo": "https://fosstodon.org/users/winfried/statuses/111336986284287147", "published": "2023-11-01T20:04:37Z", "url": "https://infosec.exchange/@resingm/111337083879643511", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://fosstodon.org/users/winfried" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111337083879643511", "inReplyToAtomUri": "https://fosstodon.org/users/winfried/statuses/111336986284287147", "conversation": "tag:infosec.exchange,2023-11-01:objectId=107156261:objectType=Conversation", "content": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://fosstodon.org/@winfried\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>winfried</span></a></span> - same argument holds for VPNs, yet it remains an efficient tool for censorship circumvention, right? Also, can DoH traffic be fingerprinted? I believe there must be some research to it. I would expect DoH traffic to be distinguishable from regular HTTPS traffic, because I'd assume the payloads are smaller.</p>", "contentMap": { "en": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://fosstodon.org/@winfried\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>winfried</span></a></span> - same argument holds for VPNs, yet it remains an efficient tool for censorship circumvention, right? Also, can DoH traffic be fingerprinted? I believe there must be some research to it. I would expect DoH traffic to be distinguishable from regular HTTPS traffic, because I'd assume the payloads are smaller.</p>" }, "attachment": [], "tag": [ { "type": "Mention", "href": "https://fosstodon.org/users/winfried", "name": "@winfried@fosstodon.org" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111337083879643511/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111337083879643511/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111337083879643511/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111337083879643511/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111337083879643511/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111336936764019715/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-11-01T19:27:12Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111336936764019715", "type": "Note", "summary": null, "inReplyTo": null, "published": "2023-11-01T19:27:12Z", "url": "https://infosec.exchange/@resingm/111336936764019715", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111336936764019715", "inReplyToAtomUri": null, "conversation": "tag:infosec.exchange,2023-11-01:objectId=107156261:objectType=Conversation", "content": "<p><a href=\"https://infosec.exchange/tags/TIL\" class=\"mention hashtag\" rel=\"tag\">#<span>TIL</span></a> about a a national <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a> regulation in Indonesia, which enforces all <a href=\"https://infosec.exchange/tags/Do53\" class=\"mention hashtag\" rel=\"tag\">#<span>Do53</span></a> traffic to non-national public resolvers to be either blocked, or redirected.</p><p><a href=\"https://infosec.exchange/tags/DoH\" class=\"mention hashtag\" rel=\"tag\">#<span>DoH</span></a> comes at help - and I might even change my mind concerning the controversary of DoH and my mixed opinions about it.</p><p><a href=\"https://en.wikipedia.org/wiki/Internet_censorship_in_Indonesia#National_DNS\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">en.wikipedia.org/wiki/Internet</span><span class=\"invisible\">_censorship_in_Indonesia#National_DNS</span></a></p>", "contentMap": { "en": "<p><a href=\"https://infosec.exchange/tags/TIL\" class=\"mention hashtag\" rel=\"tag\">#<span>TIL</span></a> about a a national <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a> regulation in Indonesia, which enforces all <a href=\"https://infosec.exchange/tags/Do53\" class=\"mention hashtag\" rel=\"tag\">#<span>Do53</span></a> traffic to non-national public resolvers to be either blocked, or redirected.</p><p><a href=\"https://infosec.exchange/tags/DoH\" class=\"mention hashtag\" rel=\"tag\">#<span>DoH</span></a> comes at help - and I might even change my mind concerning the controversary of DoH and my mixed opinions about it.</p><p><a href=\"https://en.wikipedia.org/wiki/Internet_censorship_in_Indonesia#National_DNS\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">en.wikipedia.org/wiki/Internet</span><span class=\"invisible\">_censorship_in_Indonesia#National_DNS</span></a></p>" }, "attachment": [], "tag": [ { "type": "Hashtag", "href": "https://infosec.exchange/tags/til", "name": "#til" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/dns", "name": "#dns" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/do53", "name": "#do53" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/doh", "name": "#doh" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111336936764019715/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111336936764019715/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111336936764019715/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111336936764019715/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111336936764019715/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111319369385990858/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-10-29T16:59:36Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111319369385990858", "type": "Note", "summary": null, "inReplyTo": null, "published": "2023-10-29T16:59:36Z", "url": "https://infosec.exchange/@resingm/111319369385990858", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111319369385990858", "inReplyToAtomUri": null, "conversation": "tag:infosec.exchange,2023-10-29:objectId=106346066:objectType=Conversation", "content": "<p>Time for some personal cyber hygiene and finally getting rid of my <a href=\"https://infosec.exchange/tags/birdsite\" class=\"mention hashtag\" rel=\"tag\">#<span>birdsite</span></a> account. Thought, I go through it quickly, but there are two hiccups. On the one hand, I would like get a snapshot of the data the company has about me. I requested an archive, but it takes them 24 hours to provide that archive ...</p><p>On the other hand, I cannot \"deactivate\" my account unless I do not want to have that archive. Apparently, there is no direct way to delete your account. Their wording is \"deactivate\". This puts your acocunt into a 30-day quarantine, before your user data is (presumably) removed. No archives can be generated when an account is marked for deactivation. Yet, I have a 30-day window to revert my account deletion decision and all my data still stays in place?!</p><p>A pearl from my pile of flagged articles &amp; papers:</p><p><a href=\"https://threadreaderapp.com/thread/1589700721121058817.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">threadreaderapp.com/thread/158</span><span class=\"invisible\">9700721121058817.html</span></a></p>", "contentMap": { "en": "<p>Time for some personal cyber hygiene and finally getting rid of my <a href=\"https://infosec.exchange/tags/birdsite\" class=\"mention hashtag\" rel=\"tag\">#<span>birdsite</span></a> account. Thought, I go through it quickly, but there are two hiccups. On the one hand, I would like get a snapshot of the data the company has about me. I requested an archive, but it takes them 24 hours to provide that archive ...</p><p>On the other hand, I cannot \"deactivate\" my account unless I do not want to have that archive. Apparently, there is no direct way to delete your account. Their wording is \"deactivate\". This puts your acocunt into a 30-day quarantine, before your user data is (presumably) removed. No archives can be generated when an account is marked for deactivation. Yet, I have a 30-day window to revert my account deletion decision and all my data still stays in place?!</p><p>A pearl from my pile of flagged articles &amp; papers:</p><p><a href=\"https://threadreaderapp.com/thread/1589700721121058817.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">threadreaderapp.com/thread/158</span><span class=\"invisible\">9700721121058817.html</span></a></p>" }, "attachment": [], "tag": [ { "type": "Hashtag", "href": "https://infosec.exchange/tags/birdsite", "name": "#birdsite" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111319369385990858/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111319369385990858/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111319369385990858/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111319369385990858/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111319369385990858/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111319224308695818/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-10-29T16:22:42Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111319224308695818", "type": "Note", "summary": null, "inReplyTo": null, "published": "2023-10-29T16:22:42Z", "url": "https://infosec.exchange/@resingm/111319224308695818", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111319224308695818", "inReplyToAtomUri": null, "conversation": "tag:infosec.exchange,2023-10-29:objectId=106338744:objectType=Conversation", "content": "<p>Today, I stumbled upon my first find of a <a href=\"https://infosec.exchange/tags/domain\" class=\"mention hashtag\" rel=\"tag\">#<span>domain</span></a> squatting. Without going into details, who it was, I would still like to share the giveaways, how I spotted it:</p><p>Firstly, the original domain was a .com, whereas the imposter had the same name, but on a <a href=\"https://infosec.exchange/tags/ngTLD\" class=\"mention hashtag\" rel=\"tag\">#<span>ngTLD</span></a> which provides a fairly cheap first-year pricing model.</p><p>Secondly, resolving the original domain name returned two A records, which is not uncommon for redundancy reasons. Both IPs were hosted in the same large <a href=\"https://infosec.exchange/tags/cloud\" class=\"mention hashtag\" rel=\"tag\">#<span>cloud</span></a> provider. In contrast, the squatter had only a single A record, in a different ASN.</p><p>Let's stay in <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a>: The NS records of the squatter also pointed to different nameservers than the victim.</p><p>Additionally, the original website forwarded any http request to the <a href=\"https://infosec.exchange/tags/https\" class=\"mention hashtag\" rel=\"tag\">#<span>https</span></a> endpoints and also had a nice little chat popping up, when visiting the website. The squatter website looked exactly the same, however had no forwarding to HTTPS, neither the dynamic elements of the website such as the chat.</p><p>Another give-away was the <a href=\"https://infosec.exchange/tags/certificateauthority\" class=\"mention hashtag\" rel=\"tag\">#<span>certificateauthority</span></a>. The original website used a commercial CA, whereas the imposter used the non-profit certificate authority <a href=\"https://infosec.exchange/tags/LetsEncrypt\" class=\"mention hashtag\" rel=\"tag\">#<span>LetsEncrypt</span></a>. Nothing wrong with LetsEncrypt, but it is a logical choice for adversaries since it signs domain names free of charge.</p><p>And last but not least, the <a href=\"https://infosec.exchange/tags/whois\" class=\"mention hashtag\" rel=\"tag\">#<span>whois</span></a> lookups for both domains point to different registries and different abuse contacts.</p><p>What I try to share in this post: There are many indicators for domain squatting or <a href=\"https://infosec.exchange/tags/phishing\" class=\"mention hashtag\" rel=\"tag\">#<span>phishing</span></a> sites. One has to pay attention to details, and there are multiple indicators for a malicious website. Just from the looks, the imposter was indistinguishable from the original. Yet, the details gave it away. The right people were informed, and it will be taken care of. Have a good rest of the weekend, everyone!</p>", "contentMap": { "en": "<p>Today, I stumbled upon my first find of a <a href=\"https://infosec.exchange/tags/domain\" class=\"mention hashtag\" rel=\"tag\">#<span>domain</span></a> squatting. Without going into details, who it was, I would still like to share the giveaways, how I spotted it:</p><p>Firstly, the original domain was a .com, whereas the imposter had the same name, but on a <a href=\"https://infosec.exchange/tags/ngTLD\" class=\"mention hashtag\" rel=\"tag\">#<span>ngTLD</span></a> which provides a fairly cheap first-year pricing model.</p><p>Secondly, resolving the original domain name returned two A records, which is not uncommon for redundancy reasons. Both IPs were hosted in the same large <a href=\"https://infosec.exchange/tags/cloud\" class=\"mention hashtag\" rel=\"tag\">#<span>cloud</span></a> provider. In contrast, the squatter had only a single A record, in a different ASN.</p><p>Let's stay in <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a>: The NS records of the squatter also pointed to different nameservers than the victim.</p><p>Additionally, the original website forwarded any http request to the <a href=\"https://infosec.exchange/tags/https\" class=\"mention hashtag\" rel=\"tag\">#<span>https</span></a> endpoints and also had a nice little chat popping up, when visiting the website. The squatter website looked exactly the same, however had no forwarding to HTTPS, neither the dynamic elements of the website such as the chat.</p><p>Another give-away was the <a href=\"https://infosec.exchange/tags/certificateauthority\" class=\"mention hashtag\" rel=\"tag\">#<span>certificateauthority</span></a>. The original website used a commercial CA, whereas the imposter used the non-profit certificate authority <a href=\"https://infosec.exchange/tags/LetsEncrypt\" class=\"mention hashtag\" rel=\"tag\">#<span>LetsEncrypt</span></a>. Nothing wrong with LetsEncrypt, but it is a logical choice for adversaries since it signs domain names free of charge.</p><p>And last but not least, the <a href=\"https://infosec.exchange/tags/whois\" class=\"mention hashtag\" rel=\"tag\">#<span>whois</span></a> lookups for both domains point to different registries and different abuse contacts.</p><p>What I try to share in this post: There are many indicators for domain squatting or <a href=\"https://infosec.exchange/tags/phishing\" class=\"mention hashtag\" rel=\"tag\">#<span>phishing</span></a> sites. One has to pay attention to details, and there are multiple indicators for a malicious website. Just from the looks, the imposter was indistinguishable from the original. Yet, the details gave it away. The right people were informed, and it will be taken care of. Have a good rest of the weekend, everyone!</p>" }, "updated": "2023-10-29T16:40:22Z", "attachment": [], "tag": [ { "type": "Hashtag", "href": "https://infosec.exchange/tags/domain", "name": "#domain" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/ngtld", "name": "#ngtld" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/cloud", "name": "#cloud" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/dns", "name": "#dns" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/https", "name": "#https" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/certificateauthority", "name": "#certificateauthority" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/letsencrypt", "name": "#letsencrypt" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/whois", "name": "#whois" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/phishing", "name": "#phishing" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111319224308695818/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111319224308695818/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111319224308695818/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111319224308695818/likes", "type": "Collection", "totalItems": 1 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111319224308695818/shares", "type": "Collection", "totalItems": 1 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111296380568973339/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-10-25T15:33:14Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111296380568973339", "type": "Note", "summary": null, "inReplyTo": null, "published": "2023-10-25T15:33:14Z", "url": "https://infosec.exchange/@resingm/111296380568973339", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111296380568973339", "inReplyToAtomUri": null, "conversation": "tag:infosec.exchange,2023-10-25:objectId=105318744:objectType=Conversation", "content": "<p>Just recently, my colleagues at <a href=\"https://infosec.exchange/tags/NETSCOUT\" class=\"mention hashtag\" rel=\"tag\">#<span>NETSCOUT</span></a> <a href=\"https://infosec.exchange/tags/ASERT\" class=\"mention hashtag\" rel=\"tag\">#<span>ASERT</span></a> published a new blog post on the importance of <a href=\"https://infosec.exchange/tags/DDoS\" class=\"mention hashtag\" rel=\"tag\">#<span>DDoS</span></a> defense mechanisms for both authoritative nameservers and recursive resolvers. It also sheds light on DDoS trends <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a> operators might want to pay attention to.</p><p><a href=\"https://www.netscout.com/blog/asert/the-power-of-names\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">netscout.com/blog/asert/the-po</span><span class=\"invisible\">wer-of-names</span></a></p>", "contentMap": { "en": "<p>Just recently, my colleagues at <a href=\"https://infosec.exchange/tags/NETSCOUT\" class=\"mention hashtag\" rel=\"tag\">#<span>NETSCOUT</span></a> <a href=\"https://infosec.exchange/tags/ASERT\" class=\"mention hashtag\" rel=\"tag\">#<span>ASERT</span></a> published a new blog post on the importance of <a href=\"https://infosec.exchange/tags/DDoS\" class=\"mention hashtag\" rel=\"tag\">#<span>DDoS</span></a> defense mechanisms for both authoritative nameservers and recursive resolvers. It also sheds light on DDoS trends <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a> operators might want to pay attention to.</p><p><a href=\"https://www.netscout.com/blog/asert/the-power-of-names\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">netscout.com/blog/asert/the-po</span><span class=\"invisible\">wer-of-names</span></a></p>" }, "attachment": [], "tag": [ { "type": "Hashtag", "href": "https://infosec.exchange/tags/netscout", "name": "#netscout" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/asert", "name": "#asert" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/ddos", "name": "#ddos" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/dns", "name": "#dns" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111296380568973339/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111296380568973339/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111296380568973339/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111296380568973339/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111296380568973339/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111295725170271625/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-10-25T12:46:33Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://infosec.exchange/users/jkirk" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111295725170271625", "type": "Note", "summary": null, "inReplyTo": "https://infosec.exchange/users/jkirk/statuses/111293825471243754", "published": "2023-10-25T12:46:33Z", "url": "https://infosec.exchange/@resingm/111295725170271625", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://infosec.exchange/users/jkirk" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111295725170271625", "inReplyToAtomUri": "https://infosec.exchange/users/jkirk/statuses/111293825471243754", "conversation": "tag:infosec.exchange,2023-10-25:objectId=105203895:objectType=Conversation", "content": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://infosec.exchange/@jkirk\" class=\"u-url mention\">@<span>jkirk</span></a></span> - it also reads \"Your information is protected and not disclosed to anyone during this security check.\". If they use haveibeenpwnd, wouldn't they leak their user's login to that party? Quite a misleading statement.</p>", "contentMap": { "en": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://infosec.exchange/@jkirk\" class=\"u-url mention\">@<span>jkirk</span></a></span> - it also reads \"Your information is protected and not disclosed to anyone during this security check.\". If they use haveibeenpwnd, wouldn't they leak their user's login to that party? Quite a misleading statement.</p>" }, "attachment": [], "tag": [ { "type": "Mention", "href": "https://infosec.exchange/users/jkirk", "name": "@jkirk" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111295725170271625/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111295725170271625/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111295725170271625/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111295725170271625/likes", "type": "Collection", "totalItems": 0 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111295725170271625/shares", "type": "Collection", "totalItems": 0 } } }, { "id": "https://infosec.exchange/users/resingm/statuses/111257552298010514/activity", "type": "Announce", "actor": "https://infosec.exchange/users/resingm", "published": "2023-10-18T18:58:42Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/spamhaus", "https://infosec.exchange/users/resingm/followers" ], "object": "https://infosec.exchange/users/spamhaus/statuses/111250416946650135" }, { "id": "https://infosec.exchange/users/resingm/statuses/111252210147986145/activity", "type": "Create", "actor": "https://infosec.exchange/users/resingm", "published": "2023-10-17T20:20:07Z", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://mstdn.io/users/zeh" ], "object": { "id": "https://infosec.exchange/users/resingm/statuses/111252210147986145", "type": "Note", "summary": null, "inReplyTo": null, "published": "2023-10-17T20:20:07Z", "url": "https://infosec.exchange/@resingm/111252210147986145", "attributedTo": "https://infosec.exchange/users/resingm", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/resingm/followers", "https://mstdn.io/users/zeh" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/resingm/statuses/111252210147986145", "inReplyToAtomUri": null, "conversation": "tag:mstdn.io,2023-10-16:objectId=159164724:objectType=Conversation", "content": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://mstdn.io/@zeh\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>zeh</span></a></span> - Oh, don't worry. My resolvers resolve <a href=\"https://infosec.exchange/tags/opennic\" class=\"mention hashtag\" rel=\"tag\">#<span>opennic</span></a> TLDs. That was my motivation to setup my public resolvers in the first place.</p>", "contentMap": { "en": "<p><span class=\"h-card\" translate=\"no\"><a href=\"https://mstdn.io/@zeh\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>zeh</span></a></span> - Oh, don't worry. My resolvers resolve <a href=\"https://infosec.exchange/tags/opennic\" class=\"mention hashtag\" rel=\"tag\">#<span>opennic</span></a> TLDs. That was my motivation to setup my public resolvers in the first place.</p>" }, "attachment": [], "tag": [ { "type": "Mention", "href": "https://mstdn.io/users/zeh", "name": "@zeh@mstdn.io" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/opennic", "name": "#opennic" } ], "replies": { "id": "https://infosec.exchange/users/resingm/statuses/111252210147986145/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/resingm/statuses/111252210147986145/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/resingm/statuses/111252210147986145/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/resingm/statuses/111252210147986145/likes", "type": "Collection", "totalItems": 2 }, "shares": { "id": "https://infosec.exchange/users/resingm/statuses/111252210147986145/shares", "type": "Collection", "totalItems": 0 } } } ] }